cbcvebase.
CVE-2020-9900
published 2020-10-22

CVE-2020-9900: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.

Affected

13 ranges
VendorProductVersion rangeFixed in
appleios>= unspecified < iOS 13.6 and iPadOS 13.6iOS 13.6 and iPadOS 13.6
appleios_13.6_and_ipados
appleipados< 13.613.6
appleiphone_os< 13.613.6
applemac_os_x< 10.15.610.15.6
applemacos>= unspecified < macOS Catalina 10.15.6macOS Catalina 10.15.6
applemacos_catalina_10.15.6_security_update_2020-004_mojave_security_update_2020-004
appletvos< 13.4.813.4.8
appletvos
appletvos>= unspecified < tvOS 13.4.8tvOS 13.4.8
applewatchos< 6.2.86.2.8
applewatchos
applewatchos>= unspecified < watchOS 6.2.8watchOS 6.2.8